There is a ton of confusion out there about Apple’s refusal to comply with a court order. The most level headed account I have been able to find is by the Register and I highly recommend reading it.
The question I am more interested in is the following: what *should* the security design be for unlocking personal devices such as smartphones, but also say smart cars, fitness trackers, etc.
I would posit that each device should ship with an *individual* key that is created by the manufacturer specifically for the purpose of unlocking the device. The key should then be stored in a way where it can be requested by law enforcement (either by the manufacturer or a third party that specializes in compliance for this). The process for such a request should run via the judiciary and mirror that for a warrant.
This type of unlocking could then be requested in a case like the one at hand. It would also be useful in other cases some of which might not even involve law enforcement. Take an inheritance case, for example, where critical documents exist either device only or are encrypted with keys held on a device. Here the request would come directly from probate court.
I would love to hear from folks who really understand security if such a scheme would work or not (and/or point me to people who have thought about this).
